Github App Scope Bug?

Hi everyone! :wave:

I’m creating this topic because i haven’t been able to find a solution for this particular problem i’m having with the REST api. Currently i’m in the process of creating a Github App that should be able to:

  1. List all the repositories of any user that has authorized the app.
  2. Create a branch in any of the repositories listed.

In order to solve the previous requirements I have been following the steps found in this tutorial:

https://docs.github.com/en/developers/apps/building-github-apps/identifying-and-authorizing-users-for-github-apps

So far the workflow looks like this:

  1. Request GitHub identity for the user: Done :white_check_mark:. The code and state parameters necesary for the subsequently log on are succesfully retrieved if the user authorizes the app.
  2. Get the user access token after log in: Done :white_check_mark:. Using the parameters requested the app is able to obtain an access_token and all the session data needed to use the REST point of the Github API.
  3. Use the access token for retrieving user resources: Done with errors :warning:. Using the access_token obtained in the login phase the app is able to retrieve repositories using the GET endpoint https://api.github.com/user/repos, alas the app is unable to get the private repositories of the user account, the response for a private repositories request is always an empty array.

There is an even more worrysome result when doing a resource request: Creating a POST call to the endpoint https://api.github.com/repos/:user/:repo/git/refs returns a “Resource not accesible by integration” response.

Currently my Github app has all the pertinent permissions for repositories enabled, but with the actual affair of things it seems that the app doesn’t have enough permissions to adquire an access_token useful for our app objectives, strangely it seems to me that i am not doing anything wrong during the authorization and authentication workflow.

I would be extremely grateful if the community could help me find the reason for the strange behaviour that i am getting from the REST api.